473,388 Members | 924 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,388 software developers and data experts.

Getting form info into a mysql select statement

Hi,

I'd like to get user input from an html form into a mysql select
statement. Here's where I'm stumped:

$result = mysql_query("SELECT * FROM dept WHERE notes LIKE
'%search-string%'",$db);

I need to get the user's input into the '%search-string%' section, but I
do not understand how to do this. I can hard-code a specific search
string and it will work, but I want the users to be able to dynamically
define the search-string. So, I created a basic html form and used the
post method to grab their input, but now I can't insert that input into
the mysql select statement. Any ideas? I think it should be easy, I just
don't know how to do it. I've tried this:

$result = mysql_query("SELECT * FROM dept WHERE notes LIKE
'%$_POST["search"]%'",$db);

But it doesn't work. Below is the form in html and the php file:

<html>
<title>Search Test</title>
<head>
</head>
<body>
<form action="search-db.php" method="POST">
<p>Enter Your Search: <input type=text name=search></p>
<input type="submit">
</form>
</body>
</html>
-----------------------------------------------------------
<html>
<body>
<?php
$db = mysql_connect("localhost", "Anonymous");
mysql_select_db("computers",$db);
$result = mysql_query("SELECT * FROM dept WHERE notes LIKE
'%surplus%'",$db);
echo "<table border=1>\n";
while ($myrow = mysql_fetch_array($result)) {
printf("<tr><td><b>%s</b></td></tr>\n", $myrow[notes]);
}
echo "</table>\n";
?>
</body>
</html>

Jul 17 '05 #1
3 8777
"hokieghal99" <ho********@hotmail.com> wrote in message
news:bn**********@solaris.cc.vt.edu...
Hi,

I'd like to get user input from an html form into a mysql select
statement. Here's where I'm stumped:

$result = mysql_query("SELECT * FROM dept WHERE notes LIKE
'%search-string%'",$db);

I need to get the user's input into the '%search-string%' section, but I
do not understand how to do this. I can hard-code a specific search
string and it will work, but I want the users to be able to dynamically
define the search-string. So, I created a basic html form and used the
post method to grab their input, but now I can't insert that input into
the mysql select statement. Any ideas? I think it should be easy, I just
don't know how to do it. I've tried this:

$result = mysql_query("SELECT * FROM dept WHERE notes LIKE
'%$_POST["search"]%'",$db);

But it doesn't work. Below is the form in html and the php file:

<html>
<title>Search Test</title>
<head>
</head>
<body>
<form action="search-db.php" method="POST">
<p>Enter Your Search: <input type=text name=search></p>
<input type="submit">
</form>
</body>
</html>
-----------------------------------------------------------
<html>
<body>
<?php
$db = mysql_connect("localhost", "Anonymous");
mysql_select_db("computers",$db);
$result = mysql_query("SELECT * FROM dept WHERE notes LIKE
'%surplus%'",$db);
echo "<table border=1>\n";
while ($myrow = mysql_fetch_array($result)) {
printf("<tr><td><b>%s</b></td></tr>\n", $myrow[notes]);
}
echo "</table>\n";
?>
</body>
</html>

Try this:

$searchstring = $_POST['search'];
$result = mysql_query("SELECT * FROM dept WHERE notes LIKE
'%$searchstring%'",$db);

JM
New River Industries, Inc. (Right around the corner from you!)


Jul 17 '05 #2

On 24-Oct-2003, hokieghal99 <ho********@hotmail.com> wrote:
I'd like to get user input from an html form into a mysql select
statement. Here's where I'm stumped:

$result = mysql_query("SELECT * FROM dept WHERE notes LIKE
'%search-string%'",$db);

I need to get the user's input into the '%search-string%' section, but I
do not understand how to do this. I can hard-code a specific search
string and it will work, but I want the users to be able to dynamically
define the search-string. So, I created a basic html form and used the
post method to grab their input, but now I can't insert that input into
the mysql select statement. Any ideas? I think it should be easy, I just
don't know how to do it. I've tried this:

$result = mysql_query("SELECT * FROM dept WHERE notes LIKE
'%$_POST["search"]%'",$db);

But it doesn't work. Below is the form in html and the php file:


remove the double quotes from around search.

$result = mysql_query("SELECT * FROM dept WHERE notes LIKE
'%$_POST[search]%' ",$db);

Please note that this is VERY UNSAFE and leaves you open to a security
problem called an SQL Injection attack. At the very least you should code:
$search_string = addslashes($_POST['search']);
$result = mysql_query("SELECT * FROM dept WHERE notes LIKE
'%$search_string%' ",$db);

--
Tom Thackrey
www.creative-light.com
tom (at) creative (dash) light (dot) com
do NOT send email to ja*********@willglen.net (it's reserved for spammers)
Jul 17 '05 #3
Jim Moseby wrote:
Try this:

$searchstring = $_POST['search'];
$result = mysql_query("SELECT * FROM dept WHERE notes LIKE
'%$searchstring%'",$db);

JM
New River Industries, Inc. (Right around the corner from you!)


Thanks, that works great! It's a small world, isn't it?

Jul 17 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
by: James | last post by:
Please help - getting very desperate! Sun, 12 October 2003 05:39 I have PHPDEV 4.2.3 from Firepages.com.au as the upgrade to 4.3.0 did not work. I also had an abortive download from PHP.NET as...
1
by: Mavis | last post by:
Hi, I'm trying to use a simple form to select by which column I will display output from a MySQL database. I'd like to display based on ORDER BY and select Written, Average, etc. I know the...
13
by: Neal | last post by:
I've got 2 tables. One, I manually insert data into for HTTP authentication. It has 3 fields: username, password, school. Once the user enters the corrrect u and p, the school name shows up hard...
9
by: starbuck | last post by:
Hi, have a form, with a text input "fieldname". method POST $var = $_POST $var is then used to search in mysql select * from table where jobtype like '$var%'
25
by: Lyn | last post by:
Hi, I am working on a genealogy form. The only table (so far) lists everybody in the family, one record per person. Each record has an autonum ID. The parent form (frmMainForm) displays the...
2
by: misschristalee | last post by:
I'm having a brain blockage day.... Scenario: Search Form with 6 text boxes Query has same six fields Each has this IIF: IIf(IsNull(!!),"",!!) with each dictating the correct text box of...
6
by: Teep | last post by:
Below is my code for dropdownlist that is populated from a SQL table. After a selection from the ddl, a datagrid is suppose to come up pertaining to the information selected, but I keep getting a...
12
by: Lennart Anderson | last post by:
I'm having a MySQl table wih a lot of information. I want to present some main fields in a table on one page. Each record do, of course, have a unique ID. The presnted table will have one field as...
1
by: tomlebold | last post by:
Having problems displaying query results from combo boxes on a sub form, which is on the same form that is used to select criteria. This has always worked form me when displaying query results on...
0
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
0
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
0
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
0
BarryA
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
1
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
1
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
0
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
0
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
0
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.